Cybersecurity: You Don’t Have a Weak Link, You Have A Weak Chain

We have all heard “the weakest link breaks the chain” but what if the chain used to lock the gate was constructed using chewing gum and paperclips? If link after link keeps failing it is time to take a step back and evaluate the entire chain to determine if there are material flaws in its construction and/or design. That is where we are with cybersecurity. Link after link (business after business and employee after employee) continue to fail and cause breaks (breaches). There are material defects in the way businesses are conducting their cybersecurity operations and the breaches are becoming bigger and more frequent. Organizations need to stop chasing the single pane of security, stop eliminating qualified candidates from being hired, start returning to the basics, and build a solid cybersecurity program using a solid framework, best practices, and current software and hardware. If internal code is created it needs to be maintained, patched, and continuously tested while having extremely limited public exposure. It’t time to strengthen the chain and stop blaming the links. It is the industry and the organizations whom need security programs that are to blame for the lackadaisical attitude towards data, cyber, and information security.